Solved

A threat has been eliminated



31 replies

Userlevel 7
Ah ok, that is different, let me see if I can fix that.
Userlevel 7
Hmm, I can't find the info on that file. Can you post the cleanup logs or MD5?
Userlevel 6
That's the analyse.logs:
 
30-06-2013 17:43:10.0985 Begin passive write scan (1 file(s))
30-06-2013 17:43:12.0420 End passive write scan (1 file(s))
30-06-2013 17:44:00.0405 Begin passive write scan (1 file(s))
30-06-2013 17:44:01.0404 End passive write scan (1 file(s))
30-06-2013 17:57:14.0822 Begin passive write scan (1 file(s))
30-06-2013 17:57:16.0350 End passive write scan (1 file(s))
30-06-2013 18:04:39.0009 Begin passive write scan (1 file(s))
30-06-2013 18:04:40.0238 End passive write scan (1 file(s))
30-06-2013 18:04:48.0014 Begin passive write scan (1 file(s))
30-06-2013 18:04:48.0943 End passive write scan (1 file(s))
30-06-2013 18:05:01.0000 A suspicious file was detected: c:\users\robert\desktop\languagepack_french.exe - D2AFB7BBE8DDF4C4BD05537BD1598870 - 00080801
30-06-2013 18:05:01.0000 File blocked in realtime: c:\users\robert\desktop\languagepack_french.exe [MD5: D2AFB7BBE8DDF4C4BD05537BD1598870, Size: 517696 bytes] [526337/00000020] [(null)]
30-06-2013 18:05:01.0002 Monitoring process C:\Users\Robert\Desktop\LanguagePack_French.exe [D2AFB7BBE8DDF4C4BD05537BD1598870]. Type: 3 (4666)
30-06-2013 18:05:01.0002 Monitoring process C:\Users\Robert\Desktop\LanguagePack_French.exe [D2AFB7BBE8DDF4C4BD05537BD1598870]. Type: 4 (4666)
30-06-2013 18:05:01.0002 Monitoring process C:\Users\Robert\Desktop\LanguagePack_French.exe [D2AFB7BBE8DDF4C4BD05537BD1598870]. Type: 5 (4666)
30-06-2013 18:05:01.0003 Monitoring process C:\Users\Robert\Desktop\LanguagePack_French.exe [D2AFB7BBE8DDF4C4BD05537BD1598870]. Type: 8 (4666)
30-06-2013 18:05:01.0125 A suspicious file was detected: c:\users\robert\desktop\languagepack_french.exe - D2AFB7BBE8DDF4C4BD05537BD1598870 - 00080801
30-06-2013 18:05:01.0125 File blocked in realtime: c:\users\robert\desktop\languagepack_french.exe [MD5: D2AFB7BBE8DDF4C4BD05537BD1598870, Size: 517696 bytes] [526337/00000020] [(null)]
30-06-2013 18:05:13.0984 Determination flags modified: c:\users\robert\desktop\languagepack_french.exe - MD5: D2AFB7BBE8DDF4C4BD05537BD1598870, Size: 517696 bytes, Flags: 00000020
30-06-2013 18:05:42.0475 Performing cleanup entry: 1
30-06-2013 18:05:43.0276 Scan Started: [ID: 37 - Flags: 551/128]
30-06-2013 18:06:50.0337 Connected to B5
30-06-2013 18:06:54.0338 Scan Results: Files Scanned: 38408, Duration: 1m 10s, Malicious Files: 0
30-06-2013 18:06:54.0348 Scan Finished: [ID: 37 - Seq: 70992414]
Userlevel 7
I think we have got mixed up; that screenshot is related to the file that I have already whitelisted. That message from Windows is due to the fact that you are downloading a .exe. It's normal and isn't anything to do with Webroot. That file is good in our database.
Userlevel 6
@ wrote:
I think we have got mixed up; that screenshot is related to the file that I have already whitelisted. That message from Windows is due to the fact that you are downloading a .exe. It's normal and isn't anything to do with Webroot. That file is good in our database.
Hello Roy,
You are right, the first message is from Windows, but after downloading this .exe Webroot deleted it and moved it into quarantine:@
Userlevel 7
It shouldn't be removing it, unless something weird is going on. I will need support logs at this stage.
